sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes
Some checks failed
CI / ruff (push) Successful in 12s
Details
CI / validate (push) Successful in 27s
Details
CI / dependency-scanning (push) Successful in 31s
Details
CI / pytest (push) Failing after 3h14m58s
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details

Browse Source 
Security:
- Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps
- Add PIN ownership verification to update/delete/unlock store routes
- Gate adjust_points endpoint to merchant_owner role only

Data integrity:
- Track total_points_voided in void_points
- Add order_reference idempotency guard in earn_points

Correctness:
- Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter
- Add StorefrontProgramResponse excluding wallet IDs from public API
- Add bounds (±100000) to PointsAdjustRequest.points_delta

Audit & config:
- Add CARD_REACTIVATED transaction type with audit record
- Improve admin audit logging with actor identity and old values
- Use merchant-specific PIN lockout settings with global fallback
- Guard MerchantLoyaltySettings creation with get_or_create pattern

Tests: 27 new tests (265 total) covering all 12 items — unit and integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-03-16 23:37:23 +01:00
parent b6047f5b7d
commit 7d652716bb
20 changed files with 955 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/modules/loyalty/routes/api/store.py
View File

@@ -244,6 +244,10 @@ def update_pin(
db: Session = Depends(get_db),
):
"""Update a staff PIN."""
pin = pin_service.require_pin(db, pin_id)
if pin.store_id != current_user.token_store_id:
from app.modules.loyalty.exceptions import StaffPinNotFoundException
raise StaffPinNotFoundException(str(pin_id))
pin = pin_service.update_pin(db, pin_id, data)
return PinResponse.model_validate(pin)
@@ -255,6 +259,10 @@ def delete_pin(
db: Session = Depends(get_db),
):
"""Delete a staff PIN."""
pin = pin_service.require_pin(db, pin_id)
if pin.store_id != current_user.token_store_id:
from app.modules.loyalty.exceptions import StaffPinNotFoundException
raise StaffPinNotFoundException(str(pin_id))
pin_service.delete_pin(db, pin_id)
@@ -265,6 +273,10 @@ def unlock_pin(
db: Session = Depends(get_db),
):
"""Unlock a locked staff PIN."""
pin = pin_service.require_pin(db, pin_id)
if pin.store_id != current_user.token_store_id:
from app.modules.loyalty.exceptions import StaffPinNotFoundException
raise StaffPinNotFoundException(str(pin_id))
pin = pin_service.unlock_pin(db, pin_id)
return PinResponse.model_validate(pin)
@@ -762,7 +774,10 @@ def adjust_points(
current_user: User = Depends(get_current_store_api),
db: Session = Depends(get_db),
):
"""Manually adjust points (store operation)."""
"""Manually adjust points (merchant_owner only)."""
if current_user.role != "merchant_owner":
raise AuthorizationException("Only merchant owners can adjust points")
store_id = current_user.token_store_id
ip, user_agent = get_client_info(request)